Introduction

The Chromebooks with Intel processors are fast. I've replaced my Macbook Air with a Chromebook, and run the standard ChromeOS software on VT01, and virtual machines on VT02. I have booted both Windows and different versions of Linux and the 9front version of Plan 9.

I currently use a custom build of Qemu. It's a bit hard to get Qemu built in the ChromeOS build system at present, so I've got a directory containing Qemu, its libraries and BIOS files, and scripts to chroot to that directory and run Qemu. Access to devices, where needed, is provided via bind-mounts. The setup sounds a bit kludgy but works well for me; nevertheless, we welcome improvements. What we'd most prefer is to get this patch series into chromeos, so we have qemu as part of a "real" build.

FWIW, this particular instance of qemu was built on arch Linux, lost, sadly, when my Air was stolen.

Background

The firmware on ChromeOS devices will clear the VMX bits during boot. This means that support is disabled, but it is not locked such that runtime cannot change things. This keeps things secure during initial boot, but doesn't lock out people from enabling things themselves in the kernel. Otherwise, they'd have to resort to modifying the firmware and that's always a tricky proposition (make a mistake and you have a brick).

When the ChromeOS kernel boots up, it will look for the disablevmx=[on|off] option on the kernel command line. If it is set to off, then VMX support will be enabled. For all other situations, we disable VMX and lock the bits so they cannot be turned back on. This keeps the system secure.

Current ChromeOS systems all ship with KVM disabled. That means you need to currently build a custom kernel yourself in order to get KVM support.

Board Specific Notes

Be aware that on earlier ChromeOS devices, the firmware contained bugs such that they locked VMX support during power on. It's known to affect:

and it might just work. Please let rminnich@chromium.org know about bugs.

Checking VMX Support on Unofficial Hardware

If you are trying to run ChromiumOS on your own hardware (i.e. not a Chromebook/Chromebox), you should make sure your system is properly configured first.

CPU Support

Make sure your CPU has support for the Intel VMX extensions. Simply look at /proc/cpuinfo to see if it has the vmx flag:

$ grep '^flags\s*:.* vmx ' /proc/cpuinfo
flags : ... vmxsmx ...

If you don't, then sorry, but your CPU doesn't support VMX extensions.

BIOS Settings

Most BIOSs today have an option to enable/disable VMX support at boot, and then lock any further modifications. They often times default to disabling the VMX extensions.

You can check at runtime by using the rdmsr command from the iotools package:

$ sudo modprobe msr
$ sudo iotools rdmsr 0 0x3a
0x0000000000000001

You only care about the lower 3 bits. An explanation of the first few bits:

Bit

Meaning

0

Settings are locked

1

VMX Extensions

2

SMX Extensions

Thus, if the last digit in the output is "1" (or much less unlikely, "8"), your BIOS has disabled VMX support and locked further modification. You will need to reboot into your BIOS, find the option, and enable it. Look for the word "virtualization".

Using kvm-ok Helper

The latest versions of QEMU/KVM include a tool called kvm-ok which is designed to perform various sanity checks on the system and see if things will work. Simply install it (note: it's often included in the "kvm" package in your distro) and run it: